Any way to grant a server level permission to allow [NT AUTHORITY\SYSTEM] to connect to any database?

  • Using SQL Server 2012, 2014 and 2016.  I'm aware of GRANT CONNECT ANY DATABASE TO login as a new feature in SQL Server 2014.  I wasn't able to get it to work on SQL Server in any case!   Here is the requirement... we have a tool outside of SQL Server using [NT AUTHORITY\SYSTEM] to make connections to user databases.   By default, from SQL Server 2012,   [NT AUTHORITY\SYSTEM]  is not a member of syadmin so the connections fail.   We can't change the way the tool connects to use a different account or whatever so we're stuck with it.  We should also not make it a syadmin.   

    As I test, I mapped the [NT AUTHORITY\SYSTEM] login to one user database without any explicit db level perms - so connect only.   The error log entries and alerts for that database disappeared.   So, at worst, I could map  [NT AUTHORITY\SYSTEM] to all user databases, connect only, on all servers but it's not a very nice solution - thousands of databases.   So, the question is, without making  [NT AUTHORITY\SYSTEM] a sysadmin and without mapping the login to every single user database, is there a neat way to grant permissions at the server level to  [NT AUTHORITY\SYSTEM] so that it can connect to any database (preferably just user databases)?

    Thanks in advance

  • I know this isn't the helpful answer that you're looking for but I'd start looking for a different tool to use.  The one you have is way too demanding.

    --Jeff Moden


    RBAR is pronounced "ree-bar" and is a "Modenism" for Row-By-Agonizing-Row.
    First step towards the paradigm shift of writing Set Based code:
    ________Stop thinking about what you want to do to a ROW... think, instead, of what you want to do to a COLUMN.

    Change is inevitable... Change for the better is not.


    Helpful Links:
    How to post code problems
    How to Post Performance Problems
    Create a Tally Function (fnTally)

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply